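<?php
// This page inserts a new employee.
// The description is a PHP comment rather than an HTML comment so that no
// output precedes session_start(); without output buffering, leading markup
// stops the session cookie header from being sent.
//written by: Marcos Resendiz
session_start();
require_once 'php_includes.php';
require_once 'time_functions.php';

// Access control runs before any markup is emitted.
// NOTE(review): both helpers are defined outside this file; the page relies on
// them to stop the request for users who fail the check - confirm.
//Make sure logged in
checkLogin();
//Makes sure the user is a manager
checkManager();
?>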

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<title>Payroll and Timesheet Management Website</title>
    <link rel="stylesheet" type="text/css" href="styles.css"/>
  	</head>
  		<body>
  		<?php /* Emits the page header; writeHeader() is defined outside this file (presumably in php_includes.php - confirm). */ writeHeader(); ?>
  		<p>
  		<span class="pageheader">Add Employee Result</span><br/>
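  		<?php
			// Handles the Add Employee form post: validates the submitted ID and
			// password, inserts the new Employee row under the logged-in manager's
			// ManagerID, then prints follow-up buttons.

			//Connect to the Database
			sqlConnect();

			// Read the posted fields once. Anything that is missing or not a plain
			// string (e.g. userid[]=x) is treated as empty and rejected below.
			$userId = (isset($_POST['userid']) && is_string($_POST['userid'])) ? $_POST['userid'] : '';
			$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

			// ID of the logged-in user, taken from the session.
			$managerID = $_SESSION['tmsUserID'];

			// Every value interpolated into SQL is escaped first; the statements
			// below are string-built, so unescaped form input would be injectable.
			// NOTE(review): assumes sqlConnect() opened the default mysql_* link
			// that mysql_real_escape_string() uses - confirm in php_includes.php.
			$managerIdSql = mysql_real_escape_string((string) $managerID);
			$userIdSql = mysql_real_escape_string($userId);
			$passwordSql = mysql_real_escape_string($password);

			// Look up the ManagerID stored on the logged-in user's own row.
			$sqlresult = sqlQuery("select ManagerID from Employee where EmployeeID = '$managerIdSql'");
			if (!$sqlresult || mysql_num_rows($sqlresult) < 1)
			{
				// No row for the session user: there is no ManagerID to assign.
				exit("Cannot Add Employee!! <p>Click <a href=\"addemployee.php\">here</a> to try again.");
			}
			$result = mysql_result($sqlresult, 0, 0);
			$resultSql = mysql_real_escape_string((string) $result);

			//Will check if the Id Exists already or not
			$existing = sqlQuery("select * FROM Employee WHERE EmployeeID= '$userIdSql'");
			$check = $existing ? mysql_num_rows($existing) : 0;

			//If the ID exists already It will Exit and ask the user to go back.
			if ($check >= 1)
			{
				exit("<font color=red> Employee ID Exists Already, Please click <a href=\"addemployee.php\">here</a> to go back. </font>");
			}

			//Makes sure that the userId and Session User Id are not the same because only managers have same user ID and same ManagerID
			if ($_SESSION['tmsUserID'] == $userId)
			{
				exit("<p>Illegal Action! Please choose a different Employee ID <br> Click <a href=\"addemployee.php\">here</a> to go back.</p>");
			}

			//Checks if the user has entered values in all fields
			if (empty($userId) || empty($password))
			{
				exit("<p>You must enter values in all fields of the Add Employee form! <br> Click <a href=\"addemployee.php\">here</a> to go back.</p>");
			}

			//is the employees start date
			$startDate = date("Y-m-d");

			//adds employee to database, ID, manager ID, password and start date.
			// NOTE(review): the password is stored exactly as submitted (plaintext).
			// Moving to password_hash()/password_verify() needs a matching change in
			// the login check, which is outside this file, so it is only flagged here.
			$sql2 = "INSERT INTO Employee (EmployeeID, EmployeePassword, ManagerID, EmployeeStartDate) VALUES ('$userIdSql','$passwordSql','$resultSql', '$startDate')";
			if (!sqlQuery($sql2)) //If the query cannot execute, the employee is not added.
			{
				exit("Cannot Add Employee!! <p>Click <a href=\"addemployee.php\">here</a> to try again.");
			}

			//This will print two buttons, one to add another employee, one to view added employee
			// The ID is HTML-escaped because it is echoed into an attribute value.
			$userIdHtml = htmlspecialchars($userId, ENT_QUOTES, 'UTF-8');
			echo"<form action='employee.php' method='post'>";
			echo"<input type='hidden' name='empID' value='$userIdHtml' />";
			echo"<input type='submit' value='View Employee' class='button' /></form>";

			echo"<form action='addemployee.php'>";
			echo"<input type='submit' value='Go back' class='button' /></form>";

			//Close DB (once; the original closed it twice on the success path)
			sqlExit();
?> 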
			</body>
</html>
